Publicado em 18 de out.

[Resolvido] &nbspComputador lento e dificuldade para abrir sites

De uns dias pra cá meu computador tem ficado muito lento, principalmente ao tentar abrir sites de compras que eu usava frequentemente .. eles simplesmente não carregam.

Segue o log do hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:55:11, on 18/10/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe

C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\ngsrv\epsng_certd.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\AVG\AVG2012\avgtray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe

C:\Arquivos de programas\Java\jre7\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe

C:\Arquivos de programas\ngsrv\ngslotd.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://unimesvirtual.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0F0B0D0FtC0DtC0F0DtB0CtN0D0Tzu0StBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=524142842

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\ARQUIV~1\Funmoods\1.5.23.22\bh\escort.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\ARQUIV~1\Funmoods\1.5.23.22\escorTlbr.dll (file missing)

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EEventManager] "C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [EPSON TX133 TX135 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE /FU "C:\WINDOWS\TEMP\E_SE9.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Atalho para LogMeIn.lnk = C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe

O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe

O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

End of file - 12885 bytes

Discussão (17)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

DigRam· 18 de out.

Boa Tarde! carol2906

|- Desinstale: C:\Arquivos de programas\AVG\AVG2012

-/-

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/adwcleaner_logo.jpg&key=e2bde0dd8c13fd52e18ca6fc88e8f2d73040a387059f8bc22a53202f0de6f95f" alt="adwcleaner_logo.jpg" /> > ( ... par Xplode )

|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/AdwCleaner_Delete.jpg&key=75f446191cf36528cf6179827354e5d573f05557fda01df5a7ea91d29f5b7dee" alt="AdwCleaner_Delete.jpg" />

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_4cones.jpg&key=1fa875282159446f710d915aa0f19515c10ea929b8487f1466b6ce34a529ae11" alt="ZHPDiag_4cones.jpg" />

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

Abs!

carol2906· 18 de out.

Veja se está correto o que eu fiz... eu não achei link no relatório do segundo programa rodado, espero que eu tenha feito o certo...

AdwCleaner v2.005 - Logfile created 10/18/2012 at 16:55:03

Updated 14/10/2012 by Xplode

Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

User : Carol - CASA-46997CABD5

Boot Mode : Normal

Running from : C:\Documents and Settings\Carol\Desktop\adwcleaner.exe

Option [Delete]

*** [services] ***

*** [Files / Folders] ***

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Ask

*** [Registry] ***

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

Key Deleted : HKLM\SOFTWARE\Classes\f

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\Software\ImInstaller

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

*** [internet Browsers] ***

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0F0B0D0FtC0DtC0F0DtB0CtN0D0Tzu0StBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=524142842 --> hxxp://www.google.com

*************************

AdwCleaner[s1].txt - [6003 octets] - [18/10/2012 16:55:03]

########## EOF - C:\AdwCleaner[s1].txt - [6063 octets] ##########

------------------------------------------------------------

Rapport de ZHPDiag v1.31.24 par Nicolas Coolman, Update du 22/09/2012

Run by Carol at 18/10/2012 17:01:14

Web site : http://nicolascoolman.skyrock.com/

State :

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702

GCIE: Google Chrome v22.0.1229.94 (Defaut)

---\\ Windows Product Information

~ Langage: Anglais

Windows XP Professional Service Pack 3 (Build 2600)

Windows Automatic Updates : OK

Windows Genuine Advantage : OK

---\\ System Information

~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3055 MB (76% free)

System Restore: Activé (Enable)

System drive C: has 67 GB (69%) free of 98 GB

---\\ Logged in mode

~ Computer Name: CASA-46997CABD5

~ User Name: Carol

~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Carol, ASPNET, Administrador,

~ Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Documents and Settings\Carol\Dados de aplicativos\

~ %Desktop% : C:\Documents and Settings\Carol\Desktop\

~ %Favorites% : C:\Documents and Settings\Carol\Favoritos\

~ %LocalAppData% : C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\

~ %StartMenu% : C:\Documents and Settings\Carol\Menu Iniciar\

~ %Windir% : C:\WINDOWS\

~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 67 Go of 98 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ Hard drive, Flash drive, Thumb drive (Free 95 Go of 98 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 103 Go)

---\\ Security Center & Tools Informations

~ UAC deactivate by user

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Scan Security Center in 00mn 00s

---\\ Search Generic System Files

[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]

[MD5.92E6AC77CEA3564889B86A5E73CF785C] - (.Microsoft Corporation - Internet Extensions for Win32.) (.22/08/2011 - 20:41:22.) -- C:\WINDOWS\system32\wininet.dll [916480]

[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]

[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]

[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]

[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]

[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]

[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]

[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]

[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]

[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]

[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]

[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]

[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]

[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]

[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]

[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]

[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]

[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/04/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]

~ Scan Generic Processes in 00mn 00s

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 3/5839

~ Mes musiques (My Musics) : 135/726

~ Mes Videos (My Videos) : 2/251

~ Mes Favoris (My Favorites) : 1/10

~ Mes Documents (My Documents) : 19/8787

~ Mon Bureau (My Desktop) : 2/223

~ Menu demarrer (Programs) : 1/39

~ Scan Hidden Files in 00mn 16s

---\\ Running Processes

[MD5.7C355B14CA0C2D1940857B3779E04F4F] - (.Unknown owner - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [281584] [PID.]

[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.]

[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.]

[MD5.A12175F063302CD68F8FC6D572D7E5FD] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [161768] [PID.]

[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.]

[MD5.53CB493291C3141AC644242276C3E41D] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe [703616] [PID.]

[MD5.6B5AF2DE1781726755B11FBDC57432F7] - (.OEM - ngslotd.) -- C:\Arquivos de programas\ngsrv\ngslotd.exe [56832] [PID.]

[MD5.D31F88C5F19EEFA366A415D6BC5F2ABC] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.]

[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.]

[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.]

[MD5.6A83BFA130F303D445FB12C85A44CB48] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe [2366592] [PID.]

[MD5.A7C659135E8512A55C0A5BD43829B8D5] - (.OEM - Certificate Daemon.) -- C:\Arquivos de programas\ngsrv\epsng_certd.exe [93184] [PID.]

[MD5.24B588F915B45310229D5C3F3674D356] - (.Yuna Software - Messenger Plus! 5.) -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe [801792] [PID.]

[MD5.644795F6985C740F5E36E9336B837D0B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [31072] [PID.]

[MD5.BF0EE37A14144C88A9F6FDA7B44981BB] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe [979328] [PID.]

[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [252848] [PID.]

[MD5.2B0E00BC0C1C8E4CBD12FFE81A0E13B6] - (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe [102400] [PID.]

[MD5.3E24FD32D5E2B20177CEF2D985D2AA19] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.exe [208384] [PID.]

[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.]

[MD5.848D034D067BE2FF5CD3D779BECBDA00] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe [1239064] [PID.]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Documents and Settings\Carol\Desktop\ZHPDiag_silent.exe [794216] [PID.]

[MD5.A1999D0386C241AACEA536FF39E6E2D9] - (...) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [3765248] [PID.]

[MD5.B122D463C76E0305C6F0C76932969F62] - (.Microsoft Corporation - Servidor de gerenciamento de recursos do ca.) -- C:\WINDOWS\System32\SCardSvr.exe [99328] [PID.]

[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.]

~ Scan Processes Running in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\npdeploytk.dll

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.4.634.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.7.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\WINDOWS\system32\npDeployJava1.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.7.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.7.2 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.10411.0.) -- C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.Unknown owner - Photodex Presenter Plugin 4,10,0,2737.) -- C:\Arquivos de programas\Photodex Presenter\npPxPlay.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.123\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.123\npGoogleUpdate3.dll

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://unimesvirtual.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Scan Keys in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 1

---\\ Browser Helper Objects (O2)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Orphean Key

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key

O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Orphean Key

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key

O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} Orphean Key

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} Orphean Key

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} Orphean Key

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key

~ Scan BHO in 00mn 00s

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: (no name) - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (...) -- (.not file.)

O3 - Toolbar: (no name) - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (...) -- (.not file.)

~ Scan Toolbar in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [epsng_certd] . (.OEM - Certificate Daemon.) -- C:\Arquivos de programas\ngsrv\epsng_certd.exe

O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NPSStartup] Orphean Key

O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 5.) -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe

O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [EPSON TX133 TX135 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe

O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-21-725345543-920026266-1801674531-1005\..\Run: [EPSON TX133 TX135 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJB.exe

~ Scan Application in 00mn 00s

---\\ Other User Links (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\aTube Catcher.lnk . (.DsNET.) -- C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\DOI Versão 6.1.lnk . (.Company.) -- C:\Arquivos de Programas RFB\DOI61\DOI.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Google SketchUp 8.lnk . (.Google, Inc..) -- C:\Arquivos de programas\Google\Google SketchUp 8\SketchUp.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MyEpson Portal.lnk . (.SEIKO EPSON CORPORATION.) -- C:\Arquivos de programas\epson\MyEpson Portal\mep.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Receitanet 1.01 .lnk . (.SERPRO - Serviço Federal de Processamento d.) -- C:\Arquivos de programas\Programas RFB\Receitanet\Windows\Receitanet.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\Atalho para Ares.lnk . (.Ares Development Group.) -- C:\Arquivos de programas\Ares\Ares.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\Atalho para uTorrent.lnk . (.BitTorrent, Inc..) -- C:\Arquivos de programas\uTorrent\uTorrent.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\AULAS.lnk . (...) -- F:\Documents and Settings\Carol\AULAS

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Documents and Settings\Carol\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2012\IRPF2012.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\PUC PEDAGOGIA.lnk . (...) -- F:\Documents and Settings\Carol\PUC PEDAGOGIA

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\ZHPDiag.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\ZHPDiags.exe

O4 - Global Startup: C:\Documents And Settings\Carol\Desktop\ZHPFix.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\ZHPFix.exe